Cybersecurity experts are warning of a heightened threat environment in the wake of U.S. and Israel’s joint attack on Iran, which launched over the weekend, killing supreme leader Ayatollah Ali Khamenei and senior officials in the country.

In response to the bombing campaign, nation-state and state-sponsored threat actors have accelerated reconnaissance and espionage activity, and security researchers are warning of increased risk of retaliatory cyberattacks, including:

• distributed denial of service attacks, which attempt to disrupt normal traffic of a targeted server, service or network by overwhelming it with a flood of internet traffic.
• ransomware or wiper attacks, designed to permanently destroy data.
• software supply chain attacks, where threat actors may attempt to compromise widely used software components or libraries that development teams rely on to build and deploy applications.

Iran-linked groups are expected to launch attacks against the U.S. and Israel, with a focus on banks, critical infrastructure providers and other targets, according to Cybersecurity Dive.

“Iran has attacked our banking system, they’ve attacked oil infrastructure, they’ve done mis- and disinformation during elections, they’ve attacked water utilities and other critical infrastructure,” Jake Braun, executive director of the Cyber Policy Initiative at the University of Chicago, told CBS News. “I think we can expect all those attacks, again, and more severe attacks.”

Though banks and critical infrastructure are the primary concern for targeted attacks, other organizations – particularly those with public-facing applications or services – should prioritize keeping their systems up-to-date with security patches and closely monitor vendor security notifications regarding zero-day vulnerabilities and targeted attacks, says Seth Kusiak, chief information security officer and vice president, infrastructure at ASI.

“IT and security teams in the promo industry should remain especially vigilant when reviewing security alerts and monitoring systems for unusual activity,” he adds. “Iran possesses well-developed cyber capabilities, particularly in social engineering operations. These threat actors may take advantage of the current environment to conduct phishing campaigns and other social engineering attacks that could lead to financial loss or significant security incidents.”

In addition to staying vigilant, now would be a good time to review insurance policies and understand the scope of coverage. “Most cyber-insurance policies contain war exclusions,” Kusiak says. “Cyberattacks attributed to Iran or other confirmed nation-state or state-sponsored threat actors may not be covered.”

Most importantly, he says, companies shouldn’t panic, but instead recognize the “elevated risk environment” and take appropriate precautions.